DETAILED ACTION

Response to Amendment 

The applicant has cancelled claims 1-7 and 15-20 rendering the previously issued 
restriction requirement moot. Claims 8-14 and 21-29 are now pending. 

Claim Rejections - 35 USC § 102 

The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the
basis for the rejections under this section made in this Office action: 

A person shall be entitled to a patent unless - 

(e) the invention was described in (1) an application for patent, published under section 122(b), by another filed 
in the United States before the invention by the applicant for patent or (2) a patent granted on an application for 
patent by another filed in the United States before the invention by the applicant for patent, except that an 
international application filed under the treaty defined in section 351(a) shall have the effects for purposes of this
subsection of an application filed in the United States only if the international application designated the United
States and was published under Article 21(2) of such treaty in the English language.

Claims 8-14 and 21-29 are rejected under 35 U.S.C. 102(e) as being anticipated by U.S. 
Patent Application Publication Number 2008/0134286 by AMDUR et al. 

As to claim 8, Amdur teaches a method for policy and attribute based access to a 
resource, comprising: receiving a session request for access to a resource, wherein the session 
request is sent from a service and includes alias identity information for a principal (paragraph 
94, the user's login name is considered the alias); mapping the alias identity information to 
identity information of the principal (paragraphs 95-96); authenticating the identity information; 
acquiring a service contract for the principal, the service, and the resource, wherein the service 
contract includes selective resource access policies and attributes which are permissibly used by 
the service on behalf of the principal (paragraphs 95-96); and establishing a session with the 
service, wherein the session is controlled by the service contract (paragraphs 95-96). 

As to claim 9, Amdur teaches the method of claim 8 further comprising accessing an
identity configuration for the principal in order to acquire the selective resource access policies 
and attributes included within the service contract (paragraph 96). 

As to claim 10, Amdur teaches the method of claim 8 further comprising denying access 
attempts made by the service during the session when the access attempts are not included within 
the service contract (paragraphs 95-96). 

As to claim 11, Amdur teaches the method of claim 8 further comprising terminating the 
session when an event is detected that indicates the service contract is compromised or has 
expired (paragraphs 198-199). 

As to claim 12, Amdur teaches the method of claim 8 further comprising establishing the 
service contract with the principal prior to receiving the session request (paragraphs 95-96). 

As to claim 13, Amdur teaches the method of claim 12 further comprising reusing the 
service contract to establish one or more additional sessions with the service, wherein the one or 
more additional sessions are associated with one or more additional session requests made by the 
service (paragraphs 93-96). 

As to claim 14, Amdur teaches the method of claim 12 wherein the establishing further 
includes establishing the service contract with the principal in response to a redirection operation 
performed by a proxy that intercepts a browser request issued from the principal to the service 
for purposes of accessing the resource (paragraph 88). 

As to claim 21, Amdur teaches a policy and attribute based resource session manager, 
residing in a computer-accessible medium, comprising instructions for establishing a session 
with a resource, the instructions when executed performing the method of: receiving alias 
identity information from a service, wherein the alias identity information is associated with a
principal (paragraph 94, the user's login name is considered the alias); requesting a mapping of 
the alias identity information to principal identity information; requesting authenticating of the 
identity information (paragraphs 95-96); requesting a service contract for the principal, the 
service and a resource, wherein the service contract includes selective resource access policies 
and attributes derived from an identity configuration (paragraphs 95-96); and establishing a 
session with the service and the resource, wherein the session is controlled by the service 
contract (paragraphs 95-96). 

As to claim 22, Amdur teaches the policy and attribute based resource session manager of 
claim 21 having instructions further comprising, permitting the service to indirectly access an 
identity store which represents the resource, and wherein the identity store includes secure 
information related to the principal (paragraphs 95-96). 

As to claim 23, Amdur teaches the policy and attribute based resource session manager of 
claim 21 having instructions further comprising terminating the session when the service contract 
expires or is compromised (paragraphs 198-199). 

As to claim 24, Amdur teaches the policy and attribute based resource session manager of 
claim 21, wherein the requesting of the mapping further includes interacting with an alias 
translator (paragraphs 95-96). 

As to claim 25, Amdur teaches the policy and attribute based resource session manager of 
claim 21, wherein the requesting of authentication further includes interacting with an 
identification authenticator (paragraphs 95-96). 

As to claim 26, Amdur teaches the policy and attribute based resource session manager of
claim 21 having instructions further comprising managing the session by acting as an 
intermediary between the service and a legacy Lightweight Directory Access Protocol (LDAP) 
application which has access privileges to the resource (paragraphs 97-103). 

As to claim 27, Amdur teaches the policy and attribute based resource session manager of 
claim 26, wherein the receiving further includes intercepting a session request that is issued from 
the service for the legacy LDAP application, wherein the session request includes the alias 
identity information (paragraphs 97-103). 

As to claim 28, Amdur teaches the policy and attribute based resource session manager of 
claim 27 having instructions further comprising managing the session with respect to the service 
as if the policy based resource session manager were the legacy LDAP application (paragraphs 
97-103). 

As to claim 29, Amdur teaches the policy and attribute based resource session manager of 
claim 21 wherein the instructions for establishing the session further includes defining the 
selective resource access policies as at least one of a read operation and a write operation and 
defining the attributes as selective confidential data related to the principal, wherein the policies 
define operations that are permissible on the attributes, and wherein values for the attributes 
reside in the resource (paragraphs 95-96). 



Conclusion 

Any inquiry concerning this communication or earlier communications from the
examiner should be directed to DOUGLAS B. BLAIR whose telephone number is (571) 272-3893.
The examiner can normally be reached on 9:00am-5:30pm.

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Andrew Caldwell can be reached on (571) 272-3868. The fax phone number for the 
organization where this application or proceeding is assigned is 571-273-8300. 

Information regarding the status of an application may be obtained from the Patent 
Application Information Retrieval (PAIR) system. Status information for published applications 
may be obtained from either Private PAIR or Public PAIR. Status information for unpublished 
applications is available through Private PAIR only. For more information about the PAIR 
system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR 
system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would 
like assistance from a USPTO Customer Service Representative or access to the automated 
information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 



/Douglas B Blair/ 
Examiner, Art Unit 2142 



